add ASN_ prefixes to ISSUER, SUBJECT, BEFORE, and AFTER enum constants defined in wolfssl/wolfcrypt/asn.h.

Daniel Pouzzner 2024-04-20 00:45:12 -05:00
parent 198f4030e8
commit 41efa0492c
9 changed files with 96 additions and 96 deletions


@ -426,7 +426,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
#endif
{
#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, ASN_AFTER)) {
WOLFSSL_MSG("CRL next date is no longer valid");
nextDateValid = 0;
}


@ -12636,7 +12636,7 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
name->dynamicName = 0;
}
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX);
name->name[ASN_NAME_MAX - 1] = '\0';
name->sz = (int)XSTRLEN(name->name) + 1;
@ -12821,7 +12821,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->version = dCert->version + 1;
CopyDecodedName(&x509->issuer, dCert, ISSUER);
CopyDecodedName(&x509->issuer, dCert, ASN_ISSUER);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (dCert->issuerName != NULL) {
wolfSSL_X509_set_issuer_name(x509,
@ -12829,7 +12829,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->issuer.x509 = x509;
}
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
CopyDecodedName(&x509->subject, dCert, SUBJECT);
CopyDecodedName(&x509->subject, dCert, ASN_SUBJECT);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (dCert->subjectName != NULL) {
wolfSSL_X509_set_subject_name(x509,
@ -30286,7 +30286,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap);
ret = GetName(cert, SUBJECT, dnSz);
ret = GetName(cert, ASN_SUBJECT, dnSz);
if (ret == 0) {
if ((name = wolfSSL_X509_NAME_new_ex(cert->heap)) == NULL)
@ -30294,7 +30294,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
}
if (ret == 0) {
CopyDecodedName(name, cert, SUBJECT);
CopyDecodedName(name, cert, ASN_SUBJECT);
}
if (ret == 0) {


@ -251,10 +251,10 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
else if (*status) {
#ifndef NO_ASN_TIME
if (XVALIDATE_DATE((*status)->thisDate,
(*status)->thisDateFormat, BEFORE)
(*status)->thisDateFormat, ASN_BEFORE)
&& ((*status)->nextDate[0] != 0)
&& XVALIDATE_DATE((*status)->nextDate,
(*status)->nextDateFormat, AFTER))
(*status)->nextDateFormat, ASN_AFTER))
#endif
{
ret = xstat2err((*status)->status);


@ -6907,14 +6907,14 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
InitDecodedCert(cert, input + idx, extLen, ssl->heap);
didInit = TRUE;
idx += extLen;
ret = GetName(cert, SUBJECT, extLen);
ret = GetName(cert, ASN_SUBJECT, extLen);
}
if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL)
ret = MEMORY_ERROR;
if (ret == 0) {
CopyDecodedName(name, cert, SUBJECT);
CopyDecodedName(name, cert, ASN_SUBJECT);
if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
== WOLFSSL_FAILURE)
ret = MEMORY_ERROR;


@ -11113,7 +11113,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
InitDecodedCert(cert, *in, (word32)length, NULL);
/* Parse the X509 subject name */
if (GetName(cert, SUBJECT, (int)length) != 0) {
if (GetName(cert, ASN_SUBJECT, (int)length) != 0) {
WOLFSSL_MSG("WOLFSSL_X509_NAME parse error");
goto cleanup;
}


@ -281,11 +281,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
byte *beforeDate = ctx->current_cert->notBefore.data;
if (XVALIDATE_DATE(afterDate,
(byte)ctx->current_cert->notAfter.type, AFTER) < 1) {
(byte)ctx->current_cert->notAfter.type, ASN_AFTER) < 1) {
ret = ASN_AFTER_DATE_E;
}
else if (XVALIDATE_DATE(beforeDate,
(byte)ctx->current_cert->notBefore.type, BEFORE) < 1) {
(byte)ctx->current_cert->notBefore.type, ASN_BEFORE) < 1) {
ret = ASN_BEFORE_DATE_E;
}
SetupStoreCtxError(ctx, ret);


@ -13830,13 +13830,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
/* store pointer to raw issuer */
if (nameType == ISSUER) {
if (nameType == ASN_ISSUER) {
cert->issuerRaw = &input[srcIdx];
cert->issuerRawLen = length;
}
#endif
#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectRaw = &input[srcIdx];
cert->subjectRawLen = length;
}
@ -13917,14 +13917,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#endif
if (id == ASN_COMMON_NAME) {
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectCN = (char *)&input[srcIdx];
cert->subjectCNLen = strLen;
cert->subjectCNEnc = (char)b;
}
#if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerCN = (char*)&input[srcIdx];
cert->issuerCNLen = strLen;
cert->issuerCNEnc = (char)b;
@ -13943,7 +13943,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_NAME;
copyLen = sizeof(WOLFSSL_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectN = (char*)&input[srcIdx];
cert->subjectNLen = strLen;
cert->subjectNEnc = b;
@ -13959,7 +13959,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_INITIALS;
copyLen = sizeof(WOLFSSL_INITIALS) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectI = (char*)&input[srcIdx];
cert->subjectILen = strLen;
cert->subjectIEnc = b;
@ -13975,7 +13975,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_GIVEN_NAME;
copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectGN = (char*)&input[srcIdx];
cert->subjectGNLen = strLen;
cert->subjectGNEnc = b;
@ -13991,7 +13991,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_DNQUALIFIER;
copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectDNQ = (char*)&input[srcIdx];
cert->subjectDNQLen = strLen;
cert->subjectDNQEnc = b;
@ -14008,13 +14008,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_SUR_NAME;
copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectSN = (char*)&input[srcIdx];
cert->subjectSNLen = strLen;
cert->subjectSNEnc = (char)b;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerSN = (char*)&input[srcIdx];
cert->issuerSNLen = strLen;
cert->issuerSNEnc = (char)b;
@ -14031,13 +14031,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_COUNTRY_NAME;
copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectC = (char*)&input[srcIdx];
cert->subjectCLen = strLen;
cert->subjectCEnc = (char)b;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerC = (char*)&input[srcIdx];
cert->issuerCLen = strLen;
cert->issuerCEnc = (char)b;
@ -14054,13 +14054,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_LOCALITY_NAME;
copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectL = (char*)&input[srcIdx];
cert->subjectLLen = strLen;
cert->subjectLEnc = (char)b;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerL = (char*)&input[srcIdx];
cert->issuerLLen = strLen;
cert->issuerLEnc = (char)b;
@ -14077,13 +14077,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_STATE_NAME;
copyLen = sizeof(WOLFSSL_STATE_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectST = (char*)&input[srcIdx];
cert->subjectSTLen = strLen;
cert->subjectSTEnc = (char)b;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerST = (char*)&input[srcIdx];
cert->issuerSTLen = strLen;
cert->issuerSTEnc = (char)b;
@ -14100,13 +14100,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_ORG_NAME;
copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectO = (char*)&input[srcIdx];
cert->subjectOLen = strLen;
cert->subjectOEnc = (char)b;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerO = (char*)&input[srcIdx];
cert->issuerOLen = strLen;
cert->issuerOEnc = (char)b;
@ -14123,13 +14123,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_ORGUNIT_NAME;
copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectOU = (char*)&input[srcIdx];
cert->subjectOULen = strLen;
cert->subjectOUEnc = (char)b;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerOU = (char*)&input[srcIdx];
cert->issuerOULen = strLen;
cert->issuerOUEnc = (char)b;
@ -14146,13 +14146,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_SERIAL_NUMBER;
copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectSND = (char*)&input[srcIdx];
cert->subjectSNDLen = strLen;
cert->subjectSNDEnc = (char)b;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerSND = (char*)&input[srcIdx];
cert->issuerSNDLen = strLen;
cert->issuerSNDEnc = (char)b;
@ -14169,7 +14169,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_USER_ID;
copyLen = sizeof(WOLFSSL_USER_ID) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectUID = (char*)&input[srcIdx];
cert->subjectUIDLen = strLen;
cert->subjectUIDEnc = (char)b;
@ -14186,7 +14186,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_STREET_ADDR_NAME;
copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectStreet = (char*)&input[srcIdx];
cert->subjectStreetLen = strLen;
cert->subjectStreetEnc = (char)b;
@ -14202,7 +14202,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_BUS_CAT;
copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectBC = (char*)&input[srcIdx];
cert->subjectBCLen = strLen;
cert->subjectBCEnc = (char)b;
@ -14217,7 +14217,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_POSTAL_NAME;
copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectPC = (char*)&input[srcIdx];
cert->subjectPCLen = strLen;
cert->subjectPCEnc = (char)b;
@ -14256,7 +14256,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_JOI_C;
copyLen = sizeof(WOLFSSL_JOI_C) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectJC = (char*)&input[srcIdx];
cert->subjectJCLen = strLen;
cert->subjectJCEnc = (char)b;
@ -14274,7 +14274,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_JOI_ST;
copyLen = sizeof(WOLFSSL_JOI_ST) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectJS = (char*)&input[srcIdx];
cert->subjectJSLen = strLen;
cert->subjectJSEnc = (char)b;
@ -14338,13 +14338,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#if !defined(IGNORE_NAME_CONSTRAINTS) || \
defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectEmail = (char*)&input[srcIdx];
cert->subjectEmailLen = strLen;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
else if (nameType == ISSUER) {
else if (nameType == ASN_ISSUER) {
cert->issuerEmail = (char*)&input[srcIdx];
cert->issuerEmailLen = strLen;
}
@ -14446,7 +14446,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
if (nameType == ISSUER) {
if (nameType == ASN_ISSUER) {
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
(defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
@ -14505,14 +14505,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
if (ret == 0) {
#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
/* Store pointer and length to raw issuer. */
if (nameType == ISSUER) {
if (nameType == ASN_ISSUER) {
cert->issuerRaw = &input[srcIdx];
cert->issuerRawLen = len;
}
#endif
#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
/* Store pointer and length to raw subject. */
if (nameType == SUBJECT) {
if (nameType == ASN_SUBJECT) {
cert->subjectRaw = &input[srcIdx];
cert->subjectRawLen = len;
}
@ -14531,7 +14531,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
&srcIdx, maxIdx);
if (ret == 0) {
/* Put RDN data into certificate. */
ret = GetRDN(cert, full, &idx, &nid, nameType == SUBJECT,
ret = GetRDN(cert, full, &idx, &nid, nameType == ASN_SUBJECT,
dataASN);
}
#ifdef WOLFSSL_X509_NAME_AVAILABLE
@ -14589,7 +14589,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#ifdef WOLFSSL_X509_NAME_AVAILABLE
/* Store X509_NAME in certificate. */
if (nameType == ISSUER) {
if (nameType == ASN_ISSUER) {
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY)) && \
(defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
@ -14639,7 +14639,7 @@ enum {
* Either the issuer or subject name.
*
* @param [in, out] cert Decoded certificate object.
* @param [in] nameType Type of name being decoded: ISSUER or SUBJECT.
* @param [in] nameType Type being decoded: ASN_ISSUER or ASN_SUBJECT.
* @param [in] maxIdx Index of next item after certificate name.
* @return 0 on success.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@ -14660,7 +14660,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
WOLFSSL_MSG("Getting Name");
if (nameType == ISSUER) {
if (nameType == ASN_ISSUER) {
full = cert->issuer;
hash = cert->issuerHash;
}
@ -14718,7 +14718,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset;
/* Get fields to fill in based on name type. */
if (nameType == ISSUER) {
if (nameType == ASN_ISSUER) {
full = cert->issuer;
hash = cert->issuerHash;
}
@ -15092,7 +15092,7 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
/* Make sure before and after dates are valid */
/* date = ASN.1 raw */
/* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
/* dateType = AFTER or BEFORE */
/* dateType = ASN_AFTER or ASN_BEFORE */
int wc_ValidateDate(const byte* date, byte format, int dateType)
{
time_t ltime;
@ -15122,14 +15122,14 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
#endif
#ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW
if (dateType == BEFORE) {
if (dateType == ASN_BEFORE) {
WOLFSSL_MSG("Skewing local time for before date check");
ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW;
}
#endif
#ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW
if (dateType == AFTER) {
if (dateType == ASN_AFTER) {
WOLFSSL_MSG("Skewing local time for after date check");
ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW;
}
@ -15163,13 +15163,13 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
return 0;
}
if (dateType == BEFORE) {
if (dateType == ASN_BEFORE) {
if (DateLessThan(localTime, &certTime)) {
WOLFSSL_MSG("Date BEFORE check failed");
return 0;
}
}
else { /* dateType == AFTER */
else { /* dateType == ASN_AFTER */
if (DateGreaterThan(localTime, &certTime)) {
WOLFSSL_MSG("Date AFTER check failed");
return 0;
@ -15335,7 +15335,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
byte format;
word32 startIdx = 0;
if (dateType == BEFORE)
if (dateType == ASN_BEFORE)
cert->beforeDate = &cert->source[cert->srcIdx];
else
cert->afterDate = &cert->source[cert->srcIdx];
@ -15349,7 +15349,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
XMEMSET(date, 0, MAX_DATE_SIZE);
XMEMCPY(date, datePtr, (size_t)length);
if (dateType == BEFORE)
if (dateType == ASN_BEFORE)
cert->beforeDateLen = (int)(cert->srcIdx - startIdx);
else
cert->afterDateLen = (int)(cert->srcIdx - startIdx);
@ -15357,7 +15357,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
#ifndef NO_ASN_TIME_CHECK
if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE &&
!XVALIDATE_DATE(date, format, dateType)) {
if (dateType == BEFORE) {
if (dateType == ASN_BEFORE) {
WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E);
return ASN_BEFORE_DATE_E;
}
@ -15383,10 +15383,10 @@ static int GetValidity(DecodedCert* cert, int verify, int maxIdx)
maxIdx = (int)cert->srcIdx + length;
if (GetDate(cert, BEFORE, verify, maxIdx) < 0)
if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0)
badDate = ASN_BEFORE_DATE_E; /* continue parsing */
if (GetDate(cert, AFTER, verify, maxIdx) < 0)
if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0)
return ASN_AFTER_DATE_E;
if (badDate != 0)
@ -15586,7 +15586,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
WOLFSSL_MSG("Got Algo ID");
if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0)
if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0)
return ret;
if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0)
@ -15595,7 +15595,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
}
#endif
if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0)
if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0)
return ret;
WOLFSSL_MSG("Got Subject Name");
@ -15622,8 +15622,8 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
* @return 0 on success.
* @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
* @return ASN_DATE_SZ_E when time data is not supported.
* @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when AFTER date is invalid.
* @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
* is invalid.
* @return BUFFER_E when data in buffer is too small.
@ -21725,12 +21725,12 @@ enum {
/* Check the data data.
*
* @param [in] dataASN ASN template dynamic data item.
* @param [in] dataType BEFORE or AFTER date.
* @param [in] dataType ASN_BEFORE or ASN_AFTER date.
* @return 0 on success.
* @return ASN_TIME_E when BER tag is nor UTC or GENERALIZED time.
* @return ASN_DATE_SZ_E when time data is not supported.
* @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when AFTER date is invalid.
* @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
*/
static int CheckDate(ASNGetData *dataASN, int dateType)
{
@ -21748,10 +21748,10 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
}
#ifndef NO_ASN_TIME_CHECK
/* Check date is a valid string and BEFORE or AFTER now. */
/* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */
if ((ret == 0) &&
(!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) {
if (dateType == BEFORE) {
if (dateType == ASN_BEFORE) {
ret = ASN_BEFORE_DATE_E;
}
else {
@ -21776,8 +21776,8 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
* @return ASN_CRIT_EXT_E when a critical extension was not recognized.
* @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
* @return ASN_DATE_SZ_E when time data is not supported.
* @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when AFTER date is invalid.
* @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
* is invalid.
* @return BUFFER_E when data in buffer is too small.
@ -21898,27 +21898,27 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
/* No bad date error - don't always care. */
badDate = 0;
/* Find the item with the BEFORE date and check it. */
/* Find the item with the ASN_BEFORE date and check it. */
i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0)
? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC
: X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT;
if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) &&
if ((CheckDate(&dataASN[i], ASN_BEFORE) < 0) && (verify != NO_VERIFY) &&
(verify != VERIFY_SKIP_DATE)) {
badDate = ASN_BEFORE_DATE_E;
}
/* Store reference to BEFOREdate. */
/* Store reference to ASN_BEFORE date. */
cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source);
cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
/* Find the item with the AFTER date and check it. */
/* Find the item with the ASN_AFTER date and check it. */
i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0)
? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC
: X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT;
if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) &&
if ((CheckDate(&dataASN[i], ASN_AFTER) < 0) && (verify != NO_VERIFY) &&
(verify != VERIFY_SKIP_DATE)) {
badDate = ASN_AFTER_DATE_E;
}
/* Store reference to AFTER date. */
/* Store reference to ASN_AFTER date. */
cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source);
cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
@ -22049,13 +22049,13 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
if ((ret == 0) && (issuer != NULL)) {
idx = 0;
/* Put issuer into cert and calculate hash. */
ret = GetCertName(cert, cert->issuer, cert->issuerHash, ISSUER, issuer,
ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER, issuer,
&idx, issuerSz);
}
if ((ret == 0) && (subject != NULL)) {
idx = 0;
/* Put subject into cert and calculate hash. */
ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
subject, &idx, subjectSz);
}
if (ret == 0) {
@ -22117,8 +22117,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
* @return ASN_CRIT_EXT_E when a critical extension was not recognized.
* @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
* @return ASN_DATE_SZ_E when time data is not supported.
* @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when AFTER date is invalid.
* @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
* is invalid.
* @return BUFFER_E when data in buffer is too small.
@ -22463,7 +22463,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
/* Parse the subject name. */
idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset;
ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
cert->source, &idx,
dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset);
}
@ -35811,7 +35811,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
#ifndef NO_ASN_TIME_CHECK
#ifndef WOLFSSL_NO_OCSP_DATE_CHECK
if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE))
if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE))
return ASN_BEFORE_DATE_E;
#endif
#endif
@ -35847,7 +35847,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
#ifndef NO_ASN_TIME_CHECK
#ifndef WOLFSSL_NO_OCSP_DATE_CHECK
if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER))
if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, ASN_AFTER))
return ASN_AFTER_DATE_E;
#endif
#endif
@ -35955,8 +35955,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
/* Store the thisDate format - only one possible. */
cs->thisDateFormat = ASN_GENERALIZED_TIME;
#if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
/* Check date is a valid string and BEFORE now. */
if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, BEFORE)) {
/* Check date is a valid string and ASN_BEFORE now. */
if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) {
ret = ASN_BEFORE_DATE_E;
}
}
@ -35978,8 +35978,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
/* Store the nextDate format - only one possible. */
cs->nextDateFormat = ASN_GENERALIZED_TIME;
#if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
/* Check date is a valid string and AFTER now. */
if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, AFTER)) {
/* Check date is a valid string and ASN_AFTER now. */
if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) {
ret = ASN_AFTER_DATE_E;
}
}
@ -38011,7 +38011,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
{
#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid");
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
return CRL_CERT_DATE_ERR;
@ -38627,7 +38627,7 @@ end:
if (dcrl->nextDateFormat != 0) {
/* Next date was set, so validate it. */
if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid");
ret = CRL_CERT_DATE_ERR;
WOLFSSL_ERROR_VERBOSE(ret);
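Review bot: In the `wc_ValidateDate` hunk the last branch is still a bare `else { /* dateType == ASN_AFTER */`, so any `dateType` other than `ASN_BEFORE` is checked as a not-after date; the `GetDate` hunks make the same two-way choice between `cert->beforeDate` and `cert->afterDate`. Because `dateType` is a plain `int`, I would make the branch explicit with `else if (dateType == ASN_AFTER) {` and add `else { return 0; }`, so an unexpected selector fails the date check instead of silently picking one. Both function bodies extend outside the hunks shown, so confirm that no caller relies on the fall-through. Separately, the search-and-replace also rewrote prose comments such as `/* Check date is a valid string and ASN_BEFORE now. */`, which would read better as `/* Check date is a valid string and is before now (ASN_BEFORE). */`.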


@ -835,7 +835,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define COMP_zlib wolfSSL_COMP_zlib
#define COMP_rle wolfSSL_COMP_rle
#define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
#define COMP_get_name wolfSSL_COMP_get_name
#define SSL_COMP_get_name wolfSSL_COMP_get_name
#define SSL_get_current_compression wolfSSL_get_current_compression
#define SSL_get_current_expansion wolfSSL_get_current_expansion
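Review bot: The macro change in this hunk is not covered by the commit description, which only mentions the ASN_ prefixes: `COMP_get_name` appears to be replaced by `SSL_COMP_get_name` (the +/- markers are lost in this rendering, so the direction is inferred from the equal old/new line counts in the hunk header). If so, applications that used the old compatibility name no longer compile against this header. Either keep both, with `#define COMP_get_name wolfSSL_COMP_get_name` next to the new `#define SSL_COMP_get_name wolfSSL_COMP_get_name`, or move this into its own commit with a message explaining the removal.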


@ -76,11 +76,11 @@ that can be serialized and deserialized in a cross-platform way.
#endif
enum {
ISSUER = 0,
SUBJECT = 1,
ASN_ISSUER = 0,
ASN_SUBJECT = 1,
BEFORE = 0,
AFTER = 1
ASN_BEFORE = 0,
ASN_AFTER = 1
};
/* ASN Tags */
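Review bot: Out-of-tree code that still uses the unprefixed `ISSUER`, `SUBJECT`, `BEFORE` or `AFTER` gets no migration path here, because the enum in this hunk appears to drop the old names outright rather than keep them as aliases. If this header is installed for applications (the commit description names it as wolfssl/wolfcrypt/asn.h), callers of non-static functions such as `wc_ValidateDate` will stop compiling; consider keeping the old names behind an opt-out build macro for a release, or recording the break in the changelog. The two selector pairs also still share one anonymous enum with overlapping values 0 and 1, so a name selector passed where a date selector is expected compiles cleanly. Splitting them into `enum { ASN_ISSUER = 0, ASN_SUBJECT = 1 };` and `enum { ASN_BEFORE = 0, ASN_AFTER = 1 };` would at least document that they are unrelated.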